Your privacy and security are our top priorities. This policy outlines how Luntrex handles data collection, processing, and storage across our platform.
Last updated: 2026-01-15. For privacy questions or rights requests, contact no-reply@luntrex.com.
Luntrex collects only the data necessary to operate your account and improve platform performance. This includes account information, usage logs, model routing metrics, and billing records. We do not use model input or output for training or advertising. Debugging data is kept only when explicitly enabled and is time-limited.
Passwords are hashed (bcrypt), and API keys are stored hashed so they cannot be retrieved in plain text. Data in transit uses TLS. Secrets at rest are protected by our cloud provider KMS. Unauthorized requests are blocked and logged through continuous monitoring.
If you sign in with Google, we access only basic profile data (name, email, and Google account ID) required for authentication and account linking. We use this data to create and secure your account, display your profile name/email, prevent fraud, and send transactional notices (e.g., verification and security alerts). We do not access Google Drive, Gmail contents, or any sensitive scopes, and we do not sell or rent Google user data.
Sharing: Google user data is not sold. It is shared only with essential subprocessors (e.g., hosting, email delivery) under confidentiality and security terms. Storage: Account identifiers and email are stored in our database with encryption at rest; transport is always over TLS. Retention: Kept while your account remains active or as required for security, fraud prevention, and legal obligations. You can request deletion at any time.
Deletion & Control: You may request deletion via no-reply@luntrex.com and revoke access from your Google Account permissions page. On deletion, linked Google identifiers are removed from our systems (subject to legal retention of billing/audit logs).
Your data belongs to you. We do not sell or rent your personal or usage information. Model prompts and responses remain confidential and are not used for training or benchmarking unless you explicitly authorize it.
For convenience, Luntrex may store minimal session data such as authentication cookies or UI preferences. These items can be cleared anytime without affecting your permanent account or backend logs. Sensitive data (e.g., API keys) is never exposed or cached in client-side storage.
Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted, audited, and protected by least-privilege controls. Backups are stored securely with access logging. We regularly patch and monitor infrastructure for vulnerabilities.
Luntrex complies with global privacy standards, including GDPR and regional data protection laws. Data is retained only as long as necessary for account operation, billing, and compliance audits (for example, billing records may be retained per statutory requirements). You can request data deletion or export at any time through our support team.
Where applicable, you have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing. Submit requests via our support channel; we will respond within applicable legal timeframes. For Google sign-in users, you may also revoke our access in your Google Account settings; once revoked, we will remove the linked Google identifiers from your account record (subject to required billing/audit retention).
Data is hosted with reputable cloud providers. We use vetted subprocessors for storage, email, and analytics; each is bound by confidentiality and security commitments. We can provide a current subprocessor list upon request.
In the event of a data incident involving your personal data, we will notify affected users without undue delay in accordance with applicable law.
Luntrex is not directed to children under the age of 16. If we learn a child has provided personal data, we will delete it promptly.